U.S. Power Company Fined $2.7 Million for Security Flaws

U.S. Power Company Fined $2.7 Million for Security Flaws

According to an electronic filing, an unidentified American power company has reached a settlement to pay a $2.7 million penalty over significant security flaws that could have allowed hackers to gain remote access to their systems.

According to an electronic filing, an unidentified American power company has reached a settlement to pay a $2.7 million penalty over significant security flaws that could have allowed hackers to gain remote access to their systems.

According to a Notice of Penalty filed by the North American Electric Reliability Corporation, power regulators reached a settlement with the unidentified company after a security researcher found that more than 30,000 company records online were accessible without a password or any other protections. The company’s name was not disclosed.

“These violations posed a serious or substantial risk to the reliability of the bulk power station,” the filing says. The data associated with the exposure affected critical assets, including systems that control access to the unnamed company’s “control centers and substations, and a supervisory control and data acquisition (SCADA) system that stores [critical cyber asset] information.”

According to the filing, the data included usernames and “cryptographic information” of those usernames and passwords, and was exposed online for 70 days.

“Exposure of the username and cryptographic information could aid a malicious attacker in using this information to decode the passwords,” the filing said. “A malicious attacker could use this information to breach the secure infrastructure and access the internal [critical cyber assets] by jumping from host to host within the network.”

The $2.7 million penalty is pending approval of the Federal Energy Regulatory Commission.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.